Organizational Security Policies

Presentation transcript:

Organizational Security Policies
- Who can access which resources in what manner?
- Security policy - high-level management document that informs all users of the goals and constraints on using a system.

Security Policies: Purpose
- Recognize sensitive information assets
- Clarify security responsibilities
- Promote awareness for existing employees
- Guide new employees

Security Policies: Audience
- Users
- Owners
- Beneficiaries
- Balance Among All Parties

Contents
- Purpose
- Protected Resources (what - asset list)
- Nature of the Protection (who and how)

Characteristics of a Good Security Policy
- Coverage (comprehensive)
- Durability
- Realism
- Usefulness
- Examples

Physical Security
- Natural Disasters
  - Flood
  - Fire
  - Other
- Power Loss
  - UPS; surge suppressors (line conditioners)
- Human Vandals
  - Unauthorized Access and Use
  - Theft

Physical Security
- Interception of Sensitive Information
  - Dumpster Diving - Shredding
  - Remanence (slack bits)
    - Overwriting Magnetic Data
    - DiskWipe
    - Degaussing
  - Emanation - Tempest

Contingency Planning
- BACKUP!!!!!
  - Complete backup
  - Revolving backup
  - Selective backup
- OFFSITE BACKUP!!!!!
- Networked Storage (SAN)
- Cold site (shell)
- Hot site